Webservices (REST API)
Configuration
REST API access is forbidden by default in web server configuration. You must allow and protect access (for example with htaccess).
You must also enable it in configuration:
$use_restapi = true;
API
Here are available services:
- POST /rest/v1/checkpassword.php
Check if a password respect the password policy
- Status Codes:
200 OK – Successful response
Examples
Check the strength of a password:
curl -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'newpassword=Wer123456' \
-u 'authuser:authpwd' \
http://ssp.example.com/rest/v1/checkpassword.php
Tip
Provide also login and oldpassword if you configured the password policy to check if new password is not the same as old password, not the same as login, or does not contain values from the LDAP entry.
Update password for a user checking the current password first:
curl -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'login=user1&oldpassword=W1WAf1234567&newpassword=Wer123456' \
-u 'authuser:authpwd' \
http://ssp.example.com/rest/v1/changepassword.php
Force a new password for a user:
curl -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'login=user1&newpassword=Wer123456' \
-u 'authuser:authpwd' \
http://ssp.example.com/rest/v1/adminchangepassword.php